In order for Intersite Communication to be secure, each communication needs to include shared secret hashes that are used to authenticate the transmission.
We will do this by configuring the API system in Site B. This can handle multiple API Keys, allowing multiple sites to communicate with it, but for this example we will be creating just one record.
To set this up,
Create this configuration in Site B
Create a Table, called say "API Key"
This should have the following fields:
| Field name | Datatype |
| RecordID | Record Id |
| ComponentID | Component ID |
| App Name | Text |
| Domain | Text |
| Account SID | GUID |
| Secret Key | GUID |
In the Events for this table, under the Record Change event, set it to Reload API Keys
Create a Query, called say "Load API Keys"
In this Query add the "API Key" table.
Include all the fields from this table in the field grid.
No further configuration of the query is needed.
Note at this stage we haven't added any records to the table, so the query preview won't show anything.
Map the API Keys
In the Layout Manager, Site Properties, API Key tab (found under the globe node at the top of the site tree)
Click the [...] button against Configuration. In the dialog that appears, select the Query "Load API Keys", and from the dropdowns map each of the fields to match their respective prompts:
.png)
OK out of this and the underlying dialog.
Create a record in the API Keys Table
Now create a single record in this table. Most field values will be populated automatically, but there are two that you need to set:
App Name
Set this to say "Intersite comms" or similar.
Domain
This should be set to the domain name where Site A is located.
This should not include any protocol prefixes. So if Site A will be at https://www.example.com then enter www.example.com
If Site A will be on a /sites URL, eg https://www.example.com/sites/1234/ then just enter www.example.com
Save the record.
When it is saved, the Reload API Keys event action will cause the API system to run the Load API Keys query and load in the data from that table into the internal API system, where it will be ready to be used by the Intersite Communication event when it receives a connection from Site A.
Make a note of the Account SID and the Secret Key that were generated when the record was saved, as these will need to be entered into Site A.
Create this configuration in Site A
Create a Table, called say "API Key"
This should have the following fields:
| Field name | Datatype |
| RecordID | Record Id |
| Account SID | Text |
| Secret Key | Text |
| Endpoint | Text |
Note: unlike in the Site B configuration, the Account SID and Secret Key fields here are of datatype Text, not GUID.
Create a record in this table
Account SID
Set this to be the Account SID taken from the table in Site B, but prefix it with the two letters AC (short for account)
So if the Account SID was: 06b82994d9cb449da82de4ff9cc42496, enter AC06b82994d9cb449da82de4ff9cc42496
Secret Key
Set this to be the Secret Key taken from the table in Site B. (No need for any prefixes with this field)
Endpoint
Set this to be the URL of Site B, followed by the /api/ and the endpoint name, followed by a /
In this example the endpoint will be api/test/
so if the url of site B was https://www.example.com, the value entered here would be:
https://www.example.com/api/test/
But you will need to adjust this to the actual URL where Site B is
Note: the trailing slash at the end is important
Create a Query, called say "API Key"
In this Query add the "API Key" table.
Include all the fields from this table in the field grid.
No further configuration of the query is needed.
